Upgrade Dawarich with JWT secret #2274

Merged: claytono merged 1 commit into main from dawarich-jwt-secret-upgrade on May 25, 2026

@claytono (Owner)

Update the Dawarich web and Sidekiq images to 1.7.7.

Add a generated External Secrets password for JWT_SECRET_KEY and expose it to both Dawarich containers so the upgrade does not rely on the old unset JWT behavior.

Copilot AI review requested due to automatic review settings May 25, 2026 20:39

Copilot AI left a comment

Pull request overview

Updates the Dawarich Kubernetes manifests to deploy Dawarich v1.7.7 and introduces a generated JWT_SECRET_KEY via External Secrets so the app no longer relies on the prior “unset JWT secret” behavior.

Changes:

  • Bump freikin/dawarich image for both web and Sidekiq Deployments to 1.7.7 (pinned by digest).
  • Add a Password generator + ExternalSecret that materializes JWT_SECRET_KEY into a dedicated Secret.
  • Inject JWT_SECRET_KEY into both the web and Sidekiq containers via secretKeyRef.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| kubernetes/dawarich/password-generators.yaml | Adds a new External Secrets Password generator for the Dawarich JWT secret. |
| kubernetes/dawarich/externalsecret.yaml | Adds an ExternalSecret that rewrites the generator output into the JWT_SECRET_KEY Secret key. |
| kubernetes/dawarich/deploy-web.yaml | Updates Dawarich web image to 1.7.7 and wires JWT_SECRET_KEY env var from the new Secret. |
| kubernetes/dawarich/deploy-sidekiq.yaml | Updates Sidekiq image to 1.7.7 and wires JWT_SECRET_KEY env var from the new Secret. |

@coderabbitai

coderabbitai Bot commented May 25, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between d9dd83a and b657241.

📒 Files selected for processing (4)
  • kubernetes/dawarich/deploy-sidekiq.yaml
  • kubernetes/dawarich/deploy-web.yaml
  • kubernetes/dawarich/externalsecret.yaml
  • kubernetes/dawarich/password-generators.yaml

Walkthrough

The PR updates Dawarich deployments from version 1.6.1 to 1.7.7 across sidekiq and web containers, and introduces a JWT secret management pipeline: a password generator produces a 64-character secret, an ExternalSecret resource creates and manages the Kubernetes secret via the production ClusterSecretStore, and both deployments consume it as the JWT_SECRET_KEY environment variable.

Changes

Dawarich JWT Secret Management

| Layer / File(s) | Summary |
| --- | --- |
| JWT Secret Generation (kubernetes/dawarich/password-generators.yaml) | New Password generator dawarich-jwt-secret-key creates a 64-character secret value with digits enabled and symbols disabled. |
| External Secret Configuration (kubernetes/dawarich/externalsecret.yaml) | New ExternalSecret resource dawarich-jwt-secrets wires the generated password to JWT_SECRET_KEY in the dawarich namespace secret, using the production ClusterSecretStore. |
| Deployment Image and JWT Environment Setup (kubernetes/dawarich/deploy-sidekiq.yaml, kubernetes/dawarich/deploy-web.yaml) | Sidekiq and web container images bumped to 1.7.7; both deployments add JWT_SECRET_KEY environment variable sourced from the dawarich-jwt-secrets Kubernetes secret. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • claytono/infra#1724: Both PRs update the Dawarich container image digest/tag in the same deployment manifests.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'Upgrade Dawarich with JWT secret' accurately summarizes the main change: upgrading Dawarich and adding JWT secret handling. |
| Description check | ✅ Passed | The description clearly relates to the changeset, explaining the image upgrade to 1.7.7 and the addition of JWT_SECRET_KEY configuration across both containers. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@claytono claytono merged commit f165c09 into main May 25, 2026
21 checks passed
@claytono claytono deleted the dawarich-jwt-secret-upgrade branch May 25, 2026 21:00
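
A pre-merge check for the wiring this PR describes, as an added example that is not part of the PR or its repository: it confirms that every Dawarich container takes JWT_SECRET_KEY from a secretKeyRef and that web and Sidekiq point at the same Secret and key. The Deployment dicts and the names dawarich-web and dawarich-sidekiq are constructed for illustration; dawarich-jwt-secrets is the Secret name given in the review summary.

```python
ENV_NAME = "JWT_SECRET_KEY"

def containers(dep):
    """Yield (identifier, container spec) pairs from a Deployment dict."""
    name = dep["metadata"]["name"]
    for c in dep["spec"]["template"]["spec"]["containers"]:
        yield f'{name}/{c["name"]}', c

def check_jwt_wiring(deployments):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings, refs = [], {}
    for dep in deployments:
        for ident, c in containers(dep):
            env = next((e for e in c.get("env", []) if e.get("name") == ENV_NAME), None)
            if env is None:
                findings.append(f"{ident}: {ENV_NAME} is not set")
                continue
            if "value" in env:
                findings.append(f"{ident}: {ENV_NAME} is a literal value in the manifest")
                continue
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if not ref:
                findings.append(f"{ident}: {ENV_NAME} does not come from a secretKeyRef")
                continue
            if ref.get("optional"):
                # With optional: true the pod starts even if the Secret is missing.
                findings.append(f"{ident}: secretKeyRef is optional")
            refs[ident] = (ref.get("name"), ref.get("key"))
    # Both processes must read the same key from the same Secret.
    if len(set(refs.values())) > 1:
        findings.append(f"containers reference different secrets: {refs}")
    return findings

def deployment(name, env):
    """Build a minimal, constructed Deployment dict with a single container."""
    return {"metadata": {"name": name},
            "spec": {"template": {"spec": {"containers": [{"name": name, "env": env}]}}}}

def secret_ref(secret, key=ENV_NAME):
    return [{"name": ENV_NAME, "valueFrom": {"secretKeyRef": {"name": secret, "key": key}}}]

# Constructed sample inputs (not the repository's manifests).
GOOD = [deployment("dawarich-web", secret_ref("dawarich-jwt-secrets")),
        deployment("dawarich-sidekiq", secret_ref("dawarich-jwt-secrets"))]
BAD = [deployment("dawarich-web", [{"name": ENV_NAME, "value": "changeme"}]),
       deployment("dawarich-sidekiq", [])]
MIXED = [deployment("dawarich-web", secret_ref("dawarich-jwt-secrets")),
         deployment("dawarich-sidekiq", secret_ref("other-secret"))]

if __name__ == "__main__":
    for label, deps in (("GOOD", GOOD), ("BAD", BAD), ("MIXED", MIXED)):
        print(label, check_jwt_wiring(deps) or "ok")
```
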